Blog // 13/02/2019

What will a no-deal Brexit mean for businesses who import personal data from the EEA?

Kylie Grant – Project Director

While the UK is part of the EU, data can be freely transferred between the two. The current proposed withdrawal agreement provides assurance to businesses that data may continue to be transferred between the EU and UK until 2020 while a longer term solution can be implemented; however, if the UK exits the EU without a deal, European businesses will need to put safeguards in place for transferring data to the UK.

One of the safeguards that can be relied upon for transferring data outside of the EEA is an adequacy decision. An adequacy decision is where the EU has assessed a country’s data protection laws and deemed them at least equivalent to the EU’s. The European Commission will not take an adequacy decision on the UK until it becomes a third country and has not indicated a time frame for doing so. In other cases, adequacy assessment and negotiations have taken many months; therefore, UK businesses will need other mechanisms in place with their European data exporters to ensure that data can continue to flow freely and lawfully in the event of a no-deal Brexit.

What can UK businesses do to ensure they can still receive data from Europe following a no-deal Brexit?

UK businesses that are part of a multi-national group may consider (or already have in place) binding corporate rules (BCRs); these are internal rules for the transfer of data among separate entities within a corporate group. If BCRs are not applicable, UK businesses may consider incorporating standard contractual clauses (SCCs) into their contracts with European organisations. The UK’s data protection authority, the ICO, has put together a contract builder to assist UK businesses in implementing SCCs. It may also be possible to rely on other safeguards in accordance with Article 46 of the GDPR.

Whilst it is the European organisations who have the responsibility for adhering to the GDPR, if your business relies on exchanging personal data with European organisations then you should take action now to protect your position with your European clients and suppliers. Refer to the ICO’s no deal Brexit guidance and 6 steps to take.

If you need legal advice and don’t have a data protection lawyer, contact your Menzies relationship manager and we will put you in touch with an appropriate legal professional.
